setup.exe

Installer

The application setup.exe has been detected as a potentially unwanted program by 13 anti-malware scanners. The file has been seen being downloaded from safedownloadsrus131.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Product:
Installer

Version:
1.0.0.1

MD5:
be555dd2561c303859776592ce4143c2

SHA-1:
696cb08561f6969dbc2ee4a46138f3884693e05b

SHA-256:
f78e6d3ea0f8548e1fa04228e2981a49ba4cd63447f37f1b7f950e2c98c01885

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
2/27/2025 12:27:09 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | W32/Neshta.a | 7.11.30.172
avast! | Win32:Malware-gen | 150525-2
Dr.Web | Adware.Downware.11074 | 9.0.1.0150
Emsisoft Anti-Malware | Gen:Variant.Adware.Strictor.86912 | 8.15.05.30.12
ESET NOD32 | Win32/AdGazelle.I potentially unwanted application | 7.0.302.0
F-Prot | W32/S-6897f6c9 | v6.4.7.1.166
F-Secure | Gen:Variant.Graftor.189304 | 11.2015-30-05_7
IKARUS anti.virus | AdWare.AdGazelle | t3scan.1.9.2.0
Malwarebytes | PUP.Optional.Downware | v2015.05.30.12
NANO AntiVirus | Riskware.Win32.Downware.drcrbc | 0.30.24.1636
Norman | Gen:Variant.Graftor.189304 | 11.20150530
Reason Heuristics | Threat.Win.Reputation.IMP | 15.5.30.8
VIPRE Antivirus | Threat.5063330 | 39676

File size:
281.1 KB (287,808 bytes)

Product version:
1.0.0.1

Copyright:
Copyright (C) 2014

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\setup.exe

File PE Metadata
Compilation timestamp:
5/27/2015 6:58:49 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:jd+QoEGrNOaHeTVbcGVrERAO0AODkGsmT:RVoVJiTh3rEiKGsmT

Entry address:
0xFC63

Entry point:
E8, 90, AC, 00, 00, E9, 8B, FE, FF, FF, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, E8, C2, 43, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, 70, A8, 43, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, E8, C2, 43, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03...

Entropy:
6.2125

Code size:
160.5 KB (164,352 bytes)

The file setup.exe has been seen being distributed from the download site safedownloadsrus131.com.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Powered by Reason Core Security